Our engineering team is updating the cybersecurity architecture for a nuclear power plant subsystem, and we must guarantee that no external malware can penetrate the operational technology network while still exporting telemetry data. Is it more secure to implement a software-based firewall, or should we strictly mandate a hardware-enforced Data Diode and Cross Domain Solutions provider to isolate the networks completely?
